OPNsense Forum

Archive => 20.7 Legacy Series => Topic started by: XeroX on September 03, 2020, 07:59:04 pm

Title: Firewall Rules Optimization
Post by: XeroX on September 03, 2020, 07:59:04 pm
Hello,

@Firewall Advanced Settings, I can find "Firewall Rules Optimization". It allows None, Basic and Profile.

I searched for pfctl and found the exact same description. What is it exactly doing on "Profile"?

What is the best setting for maximum optimization if I have spare memory and processor time?

Cheers
Title: Re: Firewall Rules Optimization
Post by: Fright on September 04, 2020, 08:03:00 am
It's not really about hardware. Just an attempt to arrange the order of the rules (and some rules "cleaning") to reduce the number of iterations.
So if you have no doubts about the correctness of the optimization or special strict conditions for the order of applying the rules, just leave it at the default.
As far as I understand, the "profile" is trying to additionally change the order of the rules with the quick directive, based on real traffic statistics. (That is, this is a "basic" plus additional optimization of quick rules.)

Good reading: http://undeadly.org/cgi?action=article&sid=20060927091645
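
The three levels discussed above, shown as an added pf.conf fragment that is not part of the original post and is not OPNsense's generated ruleset. The interface name, addresses and label are constructed placeholders; the comments paraphrase what pf.conf(5) says the optimizer does at each level.

```pf
# Constructed pf.conf fragment for illustration only.
ext_if = "em0"                      # placeholder interface

# none    : rules are loaded exactly as written
# basic   : removes duplicate rules, removes rules that are a subset of
#           another rule, combines rules into a table when advantageous,
#           and re-orders rules to improve evaluation performance
# profile : basic, plus the ordering of "quick" rules is tailored to
#           actual traffic, using the currently loaded ruleset as feedback
set ruleset-optimization basic

block in log on $ext_if all

# Exact duplicate: candidate for removal.
pass in on $ext_if proto tcp from any to any port 443
pass in on $ext_if proto tcp from any to any port 443

# The second rule matches a subset of the first: candidate for removal.
pass in on $ext_if proto tcp from 192.0.2.0/24 to any port 22
pass in on $ext_if proto tcp from 192.0.2.10 to any port 22

# Rules that differ only in source address: candidates for being
# combined into a single table-based rule.
pass in on $ext_if proto udp from 198.51.100.1 to any port 53
pass in on $ext_if proto udp from 198.51.100.2 to any port 53
pass in on $ext_if proto udp from 198.51.100.3 to any port 53
pass in on $ext_if proto udp from 198.51.100.4 to any port 53

# "quick" rules stop evaluation on first match; these are the rules
# whose order the profile level adjusts.
pass in quick on $ext_if proto icmp from any to any

# Because the optimizer rewrites the ruleset, per-rule counters no longer
# map one-to-one to the rules as written. pf.conf(5) recommends adding a
# label to rules whose statistics matter; labels act as optimization
# barriers.
pass in on $ext_if proto tcp from any to any port 25 label "smtp-in"

# To compare results without loading anything, parse the file with
# pfctl -n -v -f <file> and override the level with -o none|basic|profile.
```

If rule counters or per-rule logs feed monitoring or audit, compare the parsed output at `none` and at the chosen level before relying on rule positions.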
Title: Re: Firewall Rules Optimization
Post by: XeroX on September 05, 2020, 02:37:08 pm
Thanks a lot.

Really good article about pfctl.